How to remove “Backdoor:MSIL/AsyncRAT.F!MTB”?

Backdoor:MSIL/AsyncRAT.F!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Backdoor:MSIL/AsyncRAT.F!MTB virus do?

  • Authenticode signature is invalid
  • Anomalous .NET characteristics

How to identify Backdoor:MSIL/AsyncRAT.F!MTB?


File Info:

name: E747E0708439B7136459.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2022-09-08 08:22:49

Version Info:

Translation: 0x0000 0x04b0
FileDescription:
FileVersion: 0.0.0.0
InternalName: 2_1.exe
LegalCopyright:
OriginalFilename: 2_1.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

Backdoor:MSIL/AsyncRAT.F!MTB also known as:

Bkav: W32.AIDetectMalware.CS
AVG: Win32:DropperX-gen [Drp]
Elastic: malicious (high confidence)
DrWeb: Trojan.MulDropNET.4
MicroWorld-eScan: Gen:Variant.Barys.712
FireEye: Generic.mg.e747e0708439b713
Skyhigh: BehavesLike.Win32.Generic.jt
McAfee: GenericRXDQ-CI!E747E0708439
Malwarebytes: Backdoor.Agent.PGen
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Trojan ( 004561691 )
Alibaba: Trojan:MSIL/DropperX.fb88b1d5
K7GW: Trojan ( 004561691 )
BitDefenderTheta: Gen:NN.ZemsilF.36802.Om0@aivVs2e
VirIT: Trojan.Win32.MSIL_Heur.A
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of MSIL/TrojanDropper.Small.AM
APEX: Malicious
Avast: Win32:DropperX-gen [Drp]
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Gen:Variant.Barys.712
NANO-Antivirus: Trojan.Win32.Small.dchwtm
Tencent: Malware.Win32.Gencirc.13b7ef06
Emsisoft: Gen:Variant.Barys.712 (B)
F-Secure: Trojan.TR/Dropper.Gen
VIPRE: Gen:Variant.Barys.712
TrendMicro: TROJ_GEN.R002C0DDH24
Trapmine: malicious.moderate.ml.score
Sophos: Troj/MSIL-JHR
SentinelOne: Static AI – Malicious PE
Avira: TR/Dropper.Gen
MAX: malware (ai score=81)
Antiy-AVL: Trojan[Dropper]/MSIL.Small
Kingsoft: malware.kb.c.1000
Microsoft: Backdoor:MSIL/AsyncRAT.F!MTB
Arcabit: Trojan.Barys.712
ViRobot: Trojan.Win32.Z.Small.658432
ZoneAlarm: HEUR:Trojan.Win32.Generic
GData: Gen:Variant.Barys.712
Google: Detected
AhnLab-V3: Trojan/Win32.RL_Generic.C4303696
ALYac: Gen:Variant.Barys.712
Cylance: unsafe
Panda: Trj/GdSda.A
TrendMicro-HouseCall: TROJ_GEN.R002C0DDH24
Rising: Malware.Obfus/MSIL@AI.97 (RDM.MSIL2:sOVdEHhR1WhcTBgVIEqjog)
Ikarus: Trojan-Dropper.MSIL.Small
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: MSIL/Small.AM!tr
DeepInstinct: MALICIOUS
alibabacloud: Backdoor:MSIL/AsyncRAT.F!MTB

How to remove Backdoor:MSIL/AsyncRAT.F!MTB?

Backdoor:MSIL/AsyncRAT.F!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
